Question

I was watching Ray Villalobos demonstrate how to work with the Twitter API 1.1 changes using PHP. During the video, he put this certificate in the server. My question is, what is the purpose of using this certificate?


Solution

I believe it is because he is using the tmhOAuth library.

On the tmhOAuth website, it says: "Version 0.60 hardened the security of the library and defaulted curl_ssl_verifypeer to true. As some hosting providers do not provide the most current certificate root file it is now included in this repository."

So because cURL connects to the HTTPS page, it has to use an SSL certificate.

OTHER TIPS

The cacert.pem file contains the current (as of the end of last year) root certificates for all the Certification Authorities for SSL/TLS sites. These are companies like VeriSign, Thawte, GeoTrust and so on who sell the "service" of signing the encryption keys for commercial websites, such as the banks, Google, Facebook and all the other sites that not only want a secure connection between their servers and customers, but also want their SSL keys recognised by the browsers people use.

This file is the one used by Mozilla in its browsers (Firefox, Seamonkey and others). The root certificates in the file have been used to sign the encryption keys of websites which have paid for the service. It usually involves a certain amount of effort on the part of the Certification Authority to check that the people buying the signature really do own the domain and website in question. So when an Internet user using, for example, Firefox visits a secure website, the browser checks the encryption keys for the connection and checks that they have been signed by one of the root certificates it has on record. If the keys have been signed then the user sees a padlock and some nice and fluffy message about the site being safe. If the keys have not been signed then the user sees enormous warning messages and that they should proceed at their own risk.

Ray Villalobos' intention for using the Mozilla file would be to incorporate the same type of security checks into PHP code as presently exist in Mozilla's browsers (and also Thunderbird because it connects to the web to retrieve plug-ins and RSS feeds).

It should be noted, though, that an SSL or TLS key signed by one of these root certificates is not guaranteed as secure by virtue of the certification. The security of the connection is entirely up to the encryption keys generated on each server (and that end users are keeping their software up to date and a few other things). All the certification signature really proves is that somebody paid one of the Certification Authorities some money, filled out some forms and risked perjuring themselves if they were lying on (some of) the forms.
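The check the answers describe, written with plain PHP cURL as an added example (not code from the video, the original posts, or tmhOAuth itself). It assumes `cacert.pem` sits next to the script; the URL is a placeholder and `fetchVerified` is a hypothetical helper name.

```php
<?php
// Added example: plain PHP cURL, not tmhOAuth's own code.
// Assumptions: cacert.pem is in this directory; the URL below is a placeholder.

function fetchVerified(string $url, string $caBundle): string
{
    // Check the bundle up front so a missing or empty file gives a clear error
    // instead of a generic cURL failure.
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $pem = file_get_contents($caBundle);
    if (substr_count($pem, '-----BEGIN CERTIFICATE-----') === 0) {
        throw new RuntimeException("No PEM certificates found in $caBundle");
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // chain must end in a root from $caBundle
        CURLOPT_SSL_VERIFYHOST => 2,         // certificate name must match the host in $url
        CURLOPT_CAINFO         => $caBundle, // the Mozilla-derived root list
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // Includes certificate verification failures (untrusted issuer,
        // expired certificate, host name mismatch).
        $message = sprintf('Request failed (%d): %s', curl_errno($ch), curl_error($ch));
        throw new RuntimeException($message);
    }
    return $body;
}

try {
    $body = fetchVerified('https://example.com/', __DIR__ . '/cacert.pem');
    echo strlen($body), " bytes received over a verified connection\n";
} catch (RuntimeException $e) {
    // Surface the error; do not retry with verification switched off.
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

If verification fails against a site that browsers accept, the usual cause is an outdated `cacert.pem`; replacing the bundle with a current one keeps the check in place.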

Licensed under: CC-BY-SA with attribution